public inbox for gcc-bugs@sourceware.org
* [Bug c/112274] New: Bug due to unused expressions on s390x
@ 2023-10-29 13:32 22s302h0659 at sonline20 dot sen.go.kr
From: 22s302h0659 at sonline20 dot sen.go.kr @ 2023-10-29 13:32 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112274

            Bug ID: 112274
           Summary: Bug due to unused expressions on s390x
           Product: gcc
           Version: 11.4.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: 22s302h0659 at sonline20 dot sen.go.kr
  Target Milestone: ---

### Environment

- Compiler: s390x-linux-gnu-gcc (64bit)
- Version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
- Platform: Windows 11_5.15.90.1-microsoft-standard-WSL2
- Build Optimization Options: O0, O1, O2, O3

I installed the s390x-linux-gnu toolchain using the 'apt' package manager in
Ubuntu and utilized s390x-linux-gnu-gcc (version 11.4.0) from it.

### Build script & execution script

```bash
s390x-linux-gnu-gcc ./bug_Poc.c -o test_O0 -g -O0 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
s390x-linux-gnu-gcc ./bug_Poc.c -o test_O1 -g -O1 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
s390x-linux-gnu-gcc ./bug_Poc.c -o test_O2 -g -O2 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
s390x-linux-gnu-gcc ./bug_Poc.c -o test_O3 -g -O3 -fsanitize=undefined -Wall -We

gcc ./bug_Poc.c -o gcc_O0 -g -O0 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
gcc ./bug_Poc.c -o gcc_O1 -g -O1 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
gcc ./bug_Poc.c -o gcc_O2 -g -O2 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
gcc ./bug_Poc.c -o gcc_O3 -g -O3 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv

clang ./bug_Poc.c -o clang_O0 -g -O0 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
clang ./bug_Poc.c -o clang_O1 -g -O1 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
clang ./bug_Poc.c -o clang_O2 -g -O2 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
clang ./bug_Poc.c -o clang_O3 -g -O3 -fsanitize=undefined -Wall -Wextra -fno-strict-aliasing #-fwrapv
```

```bash
qemu-s390x-static -L /usr/s390x-linux-gnu/ ./test_O0
qemu-s390x-static -L /usr/s390x-linux-gnu/ ./test_O1
qemu-s390x-static -L /usr/s390x-linux-gnu/ ./test_O2
qemu-s390x-static -L /usr/s390x-linux-gnu/ ./test_O3

./gcc_O0
./gcc_O1
./gcc_O2
./gcc_O3

./clang_O0
./clang_O1
./clang_O2
./clang_O3
```

### Source Code

```c
0 // bug_Poc.c
1 #include <stdio.h>
2 short g_4 = 2;
3 short g_8 = 1;
4 int main()
5 {
6     printf("bug = %d\n", (g_4 < (((g_8 << 0) / g_4), g_8)));
7     return 0;
8 }
```

The output varies based on optimization options on the 6th line. I've attempted
several approaches to understand the cause. Even though the left expression of
the comma operator is an unused value, removing the expression triggers the
bug.

### Result

```
bug = 0
bug = 0
bug = 1
bug = 1
bug = 0
bug = 0
bug = 0
bug = 0
bug = 0
bug = 0
bug = 0
bug = 0
```

### Conclusion

I reported a bug on s390x architecture some time ago. Back then, incorrect
values were generated in O0 and O1, but this time incorrect values are produced
in O2 and O3. When such bugs intersect with other vulnerabilities, they could be
exploited as a powerful attack vector.
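
The comparison across the twelve builds above can be automated as a differential check. This is an added example, not part of the original report; the function names are hypothetical, and pairing each output line with a binary assumes the results are listed in the same order as the execution script.

```bash
#!/usr/bin/env bash
# Added example: differential triage of the values listed under "Result".

# Constructed sample input: "<binary> <printed value>" per line, built from
# the report's results in execution-script order (an assumption).
sample_results() {
  cat <<'EOF'
test_O0 0
test_O1 0
test_O2 1
test_O3 1
gcc_O0 0
gcc_O1 0
gcc_O2 0
gcc_O3 0
clang_O0 0
clang_O1 0
clang_O2 0
clang_O3 0
EOF
}

# divergent_builds: read "<binary> <value>" lines on stdin, take the most
# common value as the reference, and print the binaries that disagree with it.
# With no strict majority it prints "no-majority" and exits with status 2,
# because no build can then be singled out as the outlier.
divergent_builds() {
  awk '
    { name[NR] = $1; val[NR] = $2; count[$2]++ }
    END {
      max = 0; ties = 0; best = ""
      for (v in count) {
        if (count[v] > max) { max = count[v]; best = v; ties = 1 }
        else if (count[v] == max) ties++
      }
      if (ties > 1) { print "no-majority"; exit 2 }
      out = ""
      for (i = 1; i <= NR; i++)
        if (val[i] != best) out = out (out == "" ? "" : " ") name[i]
      print out
    }'
}

sample_results | divergent_builds   # prints: test_O2 test_O3
```

The majority value 0 is also what the C comma operator gives here: the right operand `g_8` is 1, and `2 < 1` is false.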
